CPC G05B 19/058 (2013.01) [G05B 19/052 (2013.01); G05B 19/056 (2013.01)] | 17 Claims |
1. A safety system for an industrial plant, comprising:
a safety network in the industrial plant, the safety network physically or logically isolated from non-safety devices in the industrial plant;
a plurality of safety programmable logic controllers (PLCs) coupled to communicate with one another over the safety network, each safety PLC operable to perform one or more safety functions related to a respective equipment in the industrial plant;
an outflow valve in communication with a target safety PLC;
wherein each safety PLC is operable to communicate with a programming application running on a safety system over the safety network to initiate a multi-PLC authentication challenge of the programming application in response to a request by the programming application to download a PLC program to the target safety PLC;
wherein in response to the multi-PLC authentication challenge, one of the plurality of safety PLCs is randomly selected as a master safety PLC;
each of the plurality of safety PLCs issues an authentication challenge to the programming application;
each of the plurality of safety PLCs receives a response to the authentication challenge from the programming application and generates verification results;
each of the plurality of safety PLCs determines whether the verification results are acceptable and provides the verification results to the master safety PLC;
the master safety PLC determines whether the number of acceptable results is greater than or equal to a minimum threshold;
wherein the programming application running on the safety system downloads the PLC program to the target safety PLC if the master safety PLC determines that the number of acceptable results is greater than or equal to the minimum threshold; and
wherein the target safety PLC opens and closes the outflow valve using the downloaded program.
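The quorum-gated download described in the claim, as an added simulation that is not part of the patent text: the claim does not specify the challenge mechanism, so this assumes each PLC issues a random nonce and the programming application must answer with an HMAC over it under a shared key, the randomly selected master tallies the acceptable results, and the download (and thus any valve actuation by the new program) proceeds only when the tally meets the threshold.

```python
import hmac
import hashlib
import secrets
import random

# Constructed credential the programming application must prove it holds (assumption).
APP_KEY = b"constructed-demo-key"


class SafetyPLC:
    """One safety PLC on the isolated safety network; 'key' is what it expects the app to know."""

    def __init__(self, name, key):
        self.name, self.key, self.nonce = name, key, None

    def issue_challenge(self):
        # Fresh nonce per download request so a captured response cannot be replayed.
        self.nonce = secrets.token_bytes(16)
        return self.nonce

    def verify(self, response):
        expected = hmac.new(self.key, self.nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def app_respond(nonce, key):
    """Programming application answers a challenge with HMAC(key, nonce)."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def authorize_download(plcs, app_key, threshold, rng=random):
    """Run the multi-PLC challenge; return (download_allowed, master_name, acceptable_count)."""
    master = rng.choice(plcs)  # one PLC is randomly selected as master
    results = []
    for plc in plcs:  # every PLC challenges the app and verifies its own response
        nonce = plc.issue_challenge()
        results.append(plc.verify(app_respond(nonce, app_key)))
    acceptable = sum(results)  # master receives and tallies the verification results
    return acceptable >= threshold, master.name, acceptable


def target_plc_load(plcs, app_key, threshold, program):
    """Target PLC accepts the program (which may actuate the outflow valve) only on quorum."""
    allowed, _, _ = authorize_download(plcs, app_key, threshold)
    return program if allowed else None
```

A single PLC holding a stale or mismatched key lowers the tally without blocking a legitimate download, while an application that lacks the key fails every challenge and never reaches the threshold.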